PT-2018-17969 · Pelco · Pelco Sarix Professional
Publicado
2018-03-09
·
Atualizado
2022-02-02
·
CVE-2018-7236
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Pelco Sarix Professional versions prior to 3.29.67
Description
A vulnerability exists due to a lack of authentication for the /login/bin/set param endpoint, which could enable SSH service.
Recommendations
For versions prior to 3.29.67, update to version 3.29.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the /login/bin/set param endpoint until a patch is available.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pelco Sarix Professional